Normally, setting persons to active/inactive is managed in the AD or HR system and handled in Identity Manager via the automatic import. Optionally, they can be available as manual processes.
Standard workflow
Actor | Action | Option | Physical ID | Digital ID | Physical access | |
---|---|---|---|---|---|---|
1 | Registration officer or Helpdesk | In Identity Manager: Browses for the person and clicks Deactivate. | - |
|
|
|
2 | Identity Manager | Sets person to Inactive, removes all roles. | - |
|
|
|
3 | Identity Manager | Optionally, locks any connected cards. | - |
|
|
|
4 | Identity Manager | Exports the card data to the PACS system. |
| |||
5 | Identity Manager | Locks any software tokens. | - |
|
| |
6 | CA | Revokes any certificates. | - |
|
|
Technical references
Option | Process |
---|---|
Deactivate employee | BaseProcDeactivateEmployee (see image) |
Deactivate contractor | BaseProcDeactivateContractor |
Deactivate visitor | BaseProcDeactivateVisitor |
Deactivate employee and physical IDs | CCProcDeactivateEmployee |
Deactivate contractor and physical IDs | CCProcDeactivateContractor |
Deactivate visitor and physical IDs | CCProcDeactivateVisitor |
Deactivate employee and digital IDs | PcmProcDeactivateEmployee |
Deactivate contractor and digital IDs | PcmProcDeactivateContractor |
Deactivate visitor and digital IDs | PcmProcDeactivateVisitor |